how to secure a hosted server

It is commonly said that if somebody has physical access to a machine, there is no way to hinder them from doing whatever they want.
Now we have lots of offerings for hosted servers. Some are KVM aka VPS, some are actual metal. All are located and run at some place the admin will not even have access to - but others do.

So, how do we make this somehow safe?
 
Choose a DC with limited physical access, 24x7 security, cameras etc. Get your servers racked in locked racks and control who has the keys. Have cameras 24x7 recording your rack(s). Choose bare metal over any shared solution. Or set up your own DC and control physical access.
 
The only thing I could think of is full disk encryption, because this is your typical measure to defend against attackers with physical access. But this has drawbacks: you can't store the key there (for obvious reasons), so any booting of the system means a manual task, and your hoster must provide you with e.g. a serial console so you can type in your passphrase to boot. That of course means your hoster could steal your passphrase by sniffing on that serial console.

All in all, it probably boils down to: you have to trust someone enough to operate YOUR server, otherwise you have to keep it on your own grounds.
 
Thanks, both of you. :)

Choose a DC with limited physical access, 24x7 security, cameras etc. Get your servers racked in locked racks and control who has the keys. Have cameras 24x7 recording your rack(s). Choose bare metal over any shared solution. Or set up your own DC and control physical access.
Okay, that's probably the way when we can attach a price tag to the data that could be stolen. Because then we can make up a business case and figure out how much we can pay for these approaches.

I'm now triggering on that "24x7 security": so there will be some guys sitting there and observing 24x7, and there are some other guys who are observed, and, well, I know neither of the two parties, even less which of them I might trust more. And there is another thing: if the government tells the first guys (those that observe) to switch off and hand over the server, then I doubt they would fight, and one might be better off if the other guys (those that are observed) had stolen it beforehand.

Now for the practical part:

The only thing I could think of is full disk encryption, because this is your typical measure to defend against attackers with physical access. But this has drawbacks: you can't store the key there (for obvious reasons), so any booting of the system means a manual task, and your hoster must provide you with e.g. a serial console so you can type in your passphrase to boot. That of course means your hoster could steal your passphrase by sniffing on that serial console.

All in all, it probably boils down to: you have to trust someone enough to operate YOUR server, otherwise you have to keep it on your own grounds.
That's basically the clue I got from various sources:
we would like to have the disk encrypted, but we can obviously not store the key on the machine (as then anybody could just grab the machine and restart it), and we can also not enter the key remotely (because it could be logged in transit). So this is a catch-22, and there is no solution.

The bottom line would be: there is just no security with hosted servers.
 
The bottom line - there is just no security - full stop.

Firmware, drivers, the Bloomberg-alleged secret chips, BMCs and other remote management, CPU microcode bugs, software bugs, key loggers, software back doors, your ISP's backdoors, all the clever attacks that are allegedly possible (e.g. listening to your key strokes, doing things with your speaker that you cannot hear but that transmit information). And that's before you start installing any programs.

And that's excluding governments, bribeable humans, phishing, etc.

It's about onions and lions. The onion is the layer-upon-layer of defences you put in place that will deter the casual attack. The lions are the old thing about how you don't need to run faster than the lion - you just need to run faster than the other people - the lion will slow down to eat them. Make your set-up the least attractive and most difficult to get into and hopefully the attacker will get bored and find an easier target. But if you are the target - they will get in.
 
There's an article from 2016 that states there have been only five server room heists in the previous 10 years. And those were at very large data centers of very large companies. If you choose any decent data center, I doubt you'll have any worry, as if anyone cares about your data versus Bank of America's data.

As far as the government walking in and demanding such things, the same applies. I'm betting the government doesn't care about it either. Reality check for all of us, probably.
 
It is commonly said that if somebody has physical access to a machine, there is no way to hinder them from doing whatever they want.
Now we have lots of offerings for hosted servers. Some are KVM aka VPS, some are actual metal. All are located and run at some place the admin will not even have access to - but others do.

So, how do we make this somehow safe?
First of all, cameras recording 24/7, with the DVR put in a safe place.
Encrypted data (you have to decrypt every time that machine comes up).
Put the key on a pendrive, plug it in when the machine is up and take it out when the machine is off.
Even if they steal your hard drive,
they won't do anything.
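The pendrive-key approach described in the post above, and the earlier point that the key must not live on the machine itself, as an added example that is not from this thread: a FreeBSD geli provider whose key file sits on a UFS-formatted USB stick that is mounted only for the attach step and unmounted right after. The device names /dev/da0s1 and ada0p3, the mount point /mnt/key and the key file name are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): attach a geli-encrypted provider
# using a key file kept on a USB stick, then unmount the stick again so the
# key file is no longer reachable from the running system.
# Assumed names: USB stick /dev/da0s1 (UFS), key mount /mnt/key,
# encrypted provider ada0p3, key file ada0p3.key on the stick.
set -eu

KEY_DEV=/dev/da0s1
KEY_MNT=/mnt/key
PROVIDER=ada0p3
KEYFILE="$KEY_MNT/$PROVIDER.key"

# keyfile_ok FILE: succeed only if FILE is a regular file that is readable
# by its owner alone (mode 0600); a world-readable copy of the key is refused.
keyfile_ok() {
    [ -f "$1" ] || return 1
    perm=$(ls -ld "$1" | cut -c2-10)
    [ "$perm" = "rw-------" ]
}

# attach_with_usb_key: mount the stick read-only, attach the provider with
# the key file only (-p: no passphrase prompt, so nothing is typed over a
# console), then unmount the stick. The key file is needed only at attach
# time; afterwards the unlocked master key lives in kernel memory only.
attach_with_usb_key() {
    mount -t ufs -o ro "$KEY_DEV" "$KEY_MNT"
    if ! keyfile_ok "$KEYFILE"; then
        umount "$KEY_MNT"
        echo "refusing key file $KEYFILE: missing or not mode 0600" >&2
        return 1
    fi
    geli attach -k "$KEYFILE" -p "$PROVIDER"
    umount "$KEY_MNT"
    echo "$PROVIDER attached; the USB stick can be removed now"
}

# Only touch devices when explicitly asked, so the file can also be sourced
# for its functions: sh unlock.sh attach
if [ "${1:-}" = attach ]; then
    attach_with_usb_key
fi
```

The provider is expected to have been initialised beforehand with `geli init -K <keyfile> -P` so that the key file alone unlocks it.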
 
I'm now triggering on that "24x7 security": so there will be some guys sitting there and observing 24x7, and there are some other guys who are observed, and, well, I know neither of the two parties, even less which of them I might trust more.
Most of the datacenters I've been to had reasonably strict access controls. For a datacenter I go to regularly for a client I have to be 'announced' in advance by my client to be there at a certain date and time. I'm registered with the datacenter, identification, fingerprints and all. Did that once and I have to verify my fingerprint every time I visit. Doors to each room have fingerprint locks. Racks themselves have combination locks (I know the code for the client's racks). There are cameras EVERYWHERE, there's at least a guard at the front desk that will let you in (after processing) and there's usually a few datacenter guys running around (usually only during office hours).
 
There's an article from 2016 that states there have been only five server room heists in the previous 10 years. And those were at very large data centers of very large companies. If you choose any decent data center, I doubt you'll have any worry, as if anyone cares about your data versus Bank of America's data.

As far as the government walking in and demanding such things, the same applies. I'm betting the government doesn't care about it either. Reality check for all of us, probably.
You may still think that way; I don't.
There is no problem with criminal ops, as they apply a business case: there must be something of value to obtain, otherwise they will not bother to engage at all.

Government is different. Government has practically unlimited resources, and government fears and fights one thing: truth.
Just look what happens to Julian Assange.
 
Most of the datacenters I've been to had reasonably strict access controls. For a datacenter I go to regularly for a client I have to be 'announced' in advance by my client to be there at a certain date and time. I'm registered with the datacenter, identification, fingerprints and all.
That's when things started to go bad. I loved the old times when the datacenter was basically the only room where smoking was allowed and an ample beer supply was on the floor.
 
I loved the old times when the datacenter was basically the only room where smoking was allowed and an ample beer supply was on the floor.
I remember a story about a server room at one of my old jobs (at least 25 years ago). One day a manager came in during the night shift and found the mainframe operators smoking weed in the server room. Needless to say they were fired the next day. The Netherlands may be a progressive country with regards to drug usage, but you weren't even allowed to smoke in the server room (in the offices this wasn't a problem, this was long before the smoking bans), let alone light up a funky one.
 
I remember a story about a server room at one of my old jobs (at least 25 years ago). One day a manager came in during the night shift and found the mainframe operators smoking weed in the server room. Needless to say they were fired the next day.
Oh, bad luck. Well, we were consultants, so we were treated as guests, and some people are more equal than other people, so we went to the server room with the person responsible for the server room for a smoke - and the point was, in the other rooms the girls would complain about smoking, but the machine room had 1) a proper air conditioner and 2) normally no girls. ;) That was some 20 years ago.
(And it didn't harm the shop, they're still stock exchange traded and looking rather well.)
 
Government is different. Government has practically unlimited resources, and government fears and fights one thing: truth.
Just look what happens to Julian Assange.

The Govt. fears the person that holds that truth and tries to keep it from coming out by shutting up and shutting down that person.

It doesn't always work out that way and there's always that one chance in a million it blows up in their face and makes matters worse for them.

That's what they used to call The Booby Prize. It was the Booby who picked the one in a million that blew up in his face.

And that is the Lesson I spoke of. I turned out to be the Booby Prize in this instance. :)
 
That's when things started to go bad. I loved the old times when the datacenter was basically the only room where smoking was allowed and an ample beer supply was on the floor.
In the 1970s, colleagues at Stanford used to store cocaine in the "electronics room" (today we would call that the server room). Another person tried to use the large particle accelerator to induce mutations in dope seeds, to make them more potent. Literally put MJ seeds into a particle beam in the vacuum chamber. He was caught by federal law enforcement, and served several years in jail.
 
So, how do we make this somehow safe?
There are a lot of (silly) black and white answers above. But the real world is not black and white, it's complex and colored.

If you have a server that's "hosted" (in whatever fashion, ranging from a short-lived task on a VM somewhere in an AWS data center, to a wire cage with a customer-controlled lock in a data center), then the people who have physical control of the infrastructure can, in extreme cases, get control of that server. By the same logic, if your server is connected to any network, then the people who control that network can in theory also do whatever they want to you. If you look only at extreme cases, nothing is safe.

But by the same logic, nothing is safe at other locations either. If you have your server at your house or your business, a burglar can come and steal it. Sure, you could encrypt the disks, but a smart burglar could come and install a listening device on whatever path you use to enter the decryption password (keyboard or network cable), come back a month later having sniffed the password, and then steal your computer.

In the real world, you have to do tradeoffs. I would say that having your server in a well-managed data center run by is on average very safe; probably much safer than having it in a badly managed hosted environment, and probably considerably safer than in typical residential environments.
 
Just adding to the very good answer above, I want to emphasize: The relevant question is "secure from whom?"

Secure from any 3rd party? Then there are hosters employing very effective security measures you probably couldn't afford when hosting yourself.

Secure from the hoster himself? Just impossible. You pay the hoster for operating your server which includes keeping it (physically) secure, and of course, you have to trust them about it.
 
In the 1970s, colleagues at Stanford used to store cocaine in the "electronics room" (today we would call that the server room). Another person tried to use the large particle accelerator to induce mutations in dope seeds, to make them more potent. Literally put MJ seeds into a particle beam in the vacuum chamber. He was caught by federal law enforcement, and served several years in jail.
So much for freedom of science. But more interesting: did it work? ;)
 
Secure from any 3rd party? Then there are hosters employing very effective security measures you probably couldn't afford when hosting yourself.

Secure from the hoster himself? Just impossible. You pay the hoster for operating your server which includes keeping it (physically) secure, and of course, you have to trust them about it.
And that's the problem. Usually we don't even have an idea who that hoster might be: you rent a server from some provider, then there are subcontractors who run the compute centers, there are other subcontractors who run a support staff (at changing places around the world), and all this is constantly moved to the lowest bidder.

There might be very tight controls about who is allowed to enter a server room, but there are no controls whatsoever about who might just buy one of those companies.
 
Still it's a simple thing: If you decide to worry more about trusting a company you'll have a contract with than about how well you can provide security and safety yourself (think physical access control, maybe surveillance, maybe redundancy over more than one location, and of course the cost for doing all this), you have your decision: Do it yourself ;)

It's really coming down to a cake (have, eat) situation :D Why would you consider a hoster? Because it will save you a lot of money for things like those mentioned above. And sure there is a price: trust.
 